Skip to main content

Mondoo 7.18 is out!

ยท 3 min read

๐Ÿฅณ Mondoo 7.18 is out! This release includes updated GCP resources, expanded EOL detection, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container

๐Ÿงน IMPROVEMENTSโ€‹

GCP resource updatesโ€‹

We've continued to expand the data you can query using MQL in your GCP projects to make asset inventory and security easier:

  • Add new gcp.project.compute.addresses resource

    gcp.project.compute.addresses[0]: {
    ipv6EndpointType: ""
    created: 2022-12-15 12:45:25.62 -0800 -0800
    address: "10.10.0.2"
    network: data is not a map to auto-expand
    networkTier: "PREMIUM"
    id: "2700460578865297802"
    userUrls: [
        0: "https://www.googleapis.com/compute/v1/projects/mondoo-edge/regions/us-central1/forwardingRules/gke-mondoo-gke-cluster-2-c255f8bc-73b71c8f-pe"
    ]
    ipVersion: ""
    name: "gke-mondoo-gke-cluster-2-c255f8bc-73b71c8f-pe"
    status: "IN_USE"
    subnetworkUrl: "https://www.googleapis.com/compute/v1/projects/mondoo-edge/regions/us-central1/subnetworks/mondoo-gke-cluster-2-subnet"
    prefixLength: 0
    networkUrl: ""
    regionUrl: "https://www.googleapis.com/compute/v1/projects/mondoo-edge/regions/us-central1"
    addressType: "INTERNAL"
    purpose: "GCE_ENDPOINT"
    description: ""
    subnetwork: gcp.project.computeService.subnetwork name="mondoo-gke-cluster-2-subnet"
    }

  • Add new gcp.project.compute.forwardingRules resource

    gcp.project.compute.forwardingRules: [
    0: {
        description: ""
        ipProtocol: "TCP"
        serviceDirectoryRegistrations: []
        id: "1374403102344"
        labels: {}
        name: "front-lb-1-test"
        serviceName: ""
        network: gcp.project.computeService.network name="test-vpc-3"
        networkUrl: "https://www.googleapis.com/compute/v1/projects/manuel-development-2/global/networks/test-vpc-3"
        allPorts: false
        targetUrl: "https://www.googleapis.com/compute/v1/projects/manuel-development-2/regions/us-central1/targetHttpProxies/lb-1-test-target-proxy"
        ipAddress: "35.209.226.183"
        allowGlobalAccess: false
        networkTier: "STANDARD"
        backendService: ""
        isMirroringCollector: false
        subnetwork: data is not a map to auto-expand
        noAutomateDnsZone: false
        serviceLabel: ""
        ports: []
        loadBalancingScheme: "EXTERNAL_MANAGED"
        ipVersion: ""
        created: 2023-01-19 10:56:30.873 -0800 -0800
        metadataFilters: []
        regionUrl: "https://www.googleapis.com/compute/v1/projects/manuel-development-2/regions/us-central1"
        portRange: "80-80"
        subnetworkUrl: ""
    }
    ]

  • gcp.project.dataproc.clusters data is now only gathered if if the DataProc Cloud service is enabled in the project.

  • Improve reliability of parsing GCP alert policies conditions.

New and improved EOL detectionโ€‹

We've improved support for detecting end of life (EOL) platforms with new and updates EOL detection support:

  • Added EOL detection support for FreeBSD.
  • Added EOL detection support for Linux Mint.
  • Added EOL date for Alpine 3.17.
  • Added EOL date for Fedora 36 and 37.
  • Updated Debian EOL dates to use the end of LTS dates.
  • Updated Photon 2.0 EOL date for the revised date of Dec 31, 2022.
  • Updated Amazon 2022 EOL date for the revised date of Nov 1, 2027.

Support storing Okta token in OKTA_CLIENT_TOKEN env varโ€‹

If you don't want to pass your Okta token on the CLI with the --token flag, cnquery and cnspec now support fetching the token from the OKTA_CLIENT_TOKEN env var in your shell.

๐Ÿ› BUG FIXESโ€‹

  • Improve consistency of the icons in each integrations page and ensure they are all using the latest vendor logos.
  • Allow opening assets in the fleet view in new windows.
  • Don't show advisories with 0 impacted assets on the space overview page if there are no advisories for any assets in the space.